CVE-2021-20238
https://notcve.org/view.php?id=CVE-2021-20238
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include some sensitive data, e.g. registry pull secrets. There are two scenarios where this data can be accessed. The first is on Baremetal, OpenStack, Ovirt, Vsphere and KubeVirt deployments which do not have a separate internal API endpoint and allow access from outside the cluster to port 22623 from the standard OpenShift API Virtual IP address. The second is on cloud deployments when using unsupported network plugins, which do not create iptables rules that prevent to port 22623. • https://bugzilla.redhat.com/show_bug.cgi?id=1926568 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVE-2022-0718 – python-oslo-utils: incorrect password masking in debug output
https://notcve.org/view.php?id=CVE-2022-0718
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. Se ha encontrado un fallo en python-oslo-utils. Debido a un análisis inapropiado, las contraseñas con comillas dobles ( " ) causan un enmascaramiento incorrecto en los registros de depuración, causando que cualquier parte de la contraseña después de las comillas dobles sea texto plano • https://access.redhat.com/security/cve/CVE-2022-0718 https://bugs.launchpad.net/oslo.utils/+bug/1949623 https://bugzilla.redhat.com/show_bug.cgi?id=2056850 https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa https://security-tracker.debian.org/tracker/CVE-2022-0718 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-0711 – haproxy: Denial of service via set-cookie2 header
https://notcve.org/view.php?id=CVE-2022-0711
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. Se ha encontrado un fallo en la forma en que HAProxy procesa las respuestas HTTP que contienen el encabezado "Set-Cookie2". Este fallo podría permitir a un atacante enviar paquetes de respuesta HTTP diseñados que conllevaran a un bucle infinito, resultando eventualmente en una situación de denegación de servicio. • https://access.redhat.com/security/cve/cve-2022-0711 https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8 https://www.debian.org/security/2022/dsa-5102 https://www.mail-archive.com/haproxy%40formilux.org/msg41833.html https://access.redhat.com/security/cve/CVE-2022-0711 https://bugzilla.redhat.com/show_bug.cgi?id=2053666 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2022-0532 – cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host
https://notcve.org/view.php?id=CVE-2022-0532
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. Se ha encontrado una vulnerabilidad de comprobación incorrecta de sysctls en CRI-O versiones 1.18 y anteriores. Las sysctls de la lista de sysctls "safe" especificadas para el cluster serán aplicadas al host si un atacante es capaz de crear un pod con un espacio de nombres del kernel hostIPC y hostNetwork An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster [0] will be applied to the host if an attacker can create a pod with a `hostIPC` and `hostNetwork` kernel namespace. • https://bugzilla.redhat.com/show_bug.cgi?id=2051730 https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls https://access.redhat.com/security/cve/CVE-2022-0532 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-3827 – keycloak-server-spi-private: ECP SAML binding bypasses authentication flows
https://notcve.org/view.php?id=CVE-2021-3827
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity. Se ha encontrado un fallo en keycloak, en el que el flujo de vinculación ECP por defecto permite omitir otros flujos de autenticación. Al explotar este comportamiento, un atacante puede omitir la autenticación MFA mediante el envío de una petición SOAP con un encabezado AuthnRequest y Authorization con las credenciales del usuario. • https://access.redhat.com/security/cve/CVE-2021-3827 https://bugzilla.redhat.com/show_bug.cgi?id=2007512 https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v • CWE-287: Improper Authentication •